GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,701 advisories
Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI
Critical
GHSA-9qhq-v63v-fv3j
was published
for
praisonai
(pip)
Apr 17, 2026
Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration
Critical
CVE-2026-23500
was published
for
dolibarr/dolibarr
(Composer)
Apr 17, 2026
Paperclip: OS Command Injection via Execution Workspace cleanupCommand
Critical
GHSA-vr7g-88fq-vhq3
was published
for
@paperclipai/server
(npm)
Apr 16, 2026
Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution
High
GHSA-265w-rf2w-cjh4
was published
for
@paperclipai/server
(npm)
Apr 16, 2026
Flowise: Authenticated RCE Via MCP Adapters
Critical
CVE-2026-40933
was published
for
flowise
(npm)
Apr 16, 2026
PowerShell Command Injection in Podman HyperV Machine
Moderate
CVE-2026-33414
was published
for
github.com/containers/podman/v4
(Go)
Apr 14, 2026
Composer has a command injection via malicious perforce repository
High
CVE-2026-40176
was published
for
composer/composer
(Composer)
Apr 14, 2026
Composer has a command injection via malicious perforce reference
High
CVE-2026-40261
was published
for
composer/composer
(Composer)
Apr 14, 2026
ProTip!
Advisories are also available from the
GraphQL API